Table of Contents

  1. Introduction

  2. Chapter 1: Introduction to Computer Security

    1. Introduction

    2. How Seriously Should You Take Threats to Network Security?

    3. Identifying Types of Threats

      1. Malware

      2. Compromising System Security

      3. DoS Attacks

      4. Web Attacks

      5. Session Hijacking

      6. Insider Threats

      7. DNS Poisoning

      8. New Attacks

    4. Assessing the Likelihood of an Attack on Your Network

    5. Basic Security Terminology

      1. Hacker Slang

      2. Professional Terms

    6. Concepts and Approaches

    7. How Do Legal Issues Impact Network Security?

    8. Online Security Resources

      1. CERT

      2. Microsoft Security Advisor

      3. F-Secure

      4. SANS Institute

    9. Summary

  3. Chapter 2: Networks and the Internet

    1. Introduction

    2. Network Basics

      1. The Physical Connection: Local Networks

      2. Faster Connection Speeds

      3. Wireless

      4. Bluetooth

      5. Other Wireless Protocols

      6. Data Transmission

    3. How the Internet Works

      1. IP Addresses

      2. Uniform Resource Locators

      3. What Is a Packet?

      4. Basic Communications

    4. History of the Internet

    5. Basic Network Utilities

      1. IPConfig

      2. Ping

      3. Tracert

      4. Netstat

      5. NSLookup

      6. ARP

      7. Route

      8. PathPing

    6. Other Network Devices

    7. Advanced Network Communications Topics

      1. The OSI Model

      2. The TCP/IP Model

      3. Media Access Control (MAC) Addresses

    8. Cloud Computing

    9. Summary

  4. Chapter 3: Cyber Stalking, Fraud, and Abuse

    1. Introduction

    2. How Internet Fraud Works

      1. Investment Offers

      2. Auction Fraud

    3. Identity Theft

      1. Phishing

    4. Cyber Stalking

      1. Real Cyber Stalking Cases

      2. How to Evaluate Cyber Stalking

      3. Crimes Against Children

      4. Laws About Internet Fraud

    5. Protecting Yourself Against Cybercrime

      1. Protecting Against Investment Fraud

      2. Protecting Against Identity Theft

      3. Secure Browser Settings

      4. Protecting Against Auction Fraud

      5. Protecting Against Online Harassment

    6. Summary

  5. Chapter 4: Denial of Service Attacks

    1. Introduction

    2. DoS Attacks

    3. Illustrating an Attack

      1. Distributed Reflection Denial of Service Attacks

    4. Common Tools Used for DoS Attacks

      1. Low Orbit Ion Cannon

      2. XOIC

      3. TFN and TFN2K

      4. Stacheldraht

    5. DoS Weaknesses

    6. Specific DoS Attacks

      1. TCP SYN Flood Attacks

      2. Smurf IP Attacks

      3. UDP Flood Attacks

      4. ICMP Flood Attacks

      5. The Ping of Death

      6. Teardrop Attacks

      7. DHCP Starvation

      8. HTTP POST DoS Attacks

      9. PDoS Attacks

      10. Registration DoS Attacks

      11. Login DoS Attacks

      12. Land Attacks

      13. DDoS Attacks

      14. Yo-Yo Attack

      15. Login Attacks

      16. CLDAP Reflection

      17. Degradation of Service Attacks

      18. Challenge Collapsar Attack

      19. EDoS

    7. Real-World Examples of DoS Attacks

      1. Google Attack

      2. AWS Attack

      3. Boston Globe Attack

      4. Memcache Attacks

      5. DDoS Blackmail

      6. Mirai

    8. How to Defend Against DoS Attacks

    9. Summary

  6. Chapter 5: Malware

    1. Introduction

    2. Viruses

      1. How a Virus Spreads

      2. Types of Viruses

      3. Virus Examples

      4. The Impact of Viruses

      5. Machine Learning and Malware

      6. Rules for Avoiding Viruses

    3. Trojan Horses

    4. The Buffer-Overflow Attack

      1. The Sasser Virus/Buffer Overflow

    5. Spyware

      1. Legal Uses of Spyware

      2. How Is Spyware Delivered to a Target System?

      3. Pegasus

      4. Obtaining Spyware Software

    6. Other Forms of Malware

      1. Rootkits

      2. Malicious Web-Based Code

      3. Logic Bombs

      4. Spam

      5. Advanced Persistent Threats

      6. Deep Fakes

    7. Detecting and Eliminating Viruses and Spyware

      1. Antivirus Software

      2. Anti-Malware and Machine Learning

      3. Remediation Steps

    8. Summary

  7. Chapter 6: Techniques Used by Hackers

    1. Introduction

    2. Basic Terminology

    3. The Reconnaissance Phase

      1. Passive Scanning Techniques

      2. Active Scanning Techniques

    4. Actual Attacks

      1. SQL Script Injection

      2. Cross-Site Scripting

      3. Cross-Site Request Forgery

      4. Directory Traversal

      5. Cookie Poisoning

      6. URL Hijacking

      7. Command Injection

      8. Wireless Attacks

      9. Cell Phone Attacks

      10. Password Cracking

    5. Malware Creation

      1. Windows Hacking Techniques

    6. Penetration Testing

      1. NIST 800-115

      2. The NSA Information Assessment Methodology

      3. PCI Penetration Testing Standard

    7. The Dark Web

    8. Summary

  8. Chapter 7: Industrial Espionage in Cyberspace

    1. Introduction

    2. What Is Industrial Espionage?

    3. Information as an Asset

    4. Real-World Examples of Industrial Espionage

      1. Example 1: Hacker Group

      2. Example 2: Company Versus Company

      3. Example 3: Nuclear Secrets

      4. Example 4: Uber

      5. Example 5: Foreign Governments and Economic Espionage

      6. Trends in Industrial Espionage

      7. Industrial Espionage and You

    5. How Does Espionage Occur?

      1. Low-Tech Industrial Espionage

      2. Spyware Used in Industrial Espionage

      3. Steganography Used in Industrial Espionage

      4. Phone Taps and Bugs

      5. Spy for Hire

    6. Protecting Against Industrial Espionage

    7. Trade Secrets

    8. The Industrial Espionage Act

    9. Spear Phishing

    10. Summary

  9. Chapter 8: Encryption

    1. Introduction

    2. Cryptography Basics

    3. History of Encryption

      1. The Caesar Cipher

      2. Atbash

      3. Multi-Alphabet Substitution

      4. Rail Fence

      5. Scytale

      6. Polybius Cipher

      7. Enigma

      8. Binary Operations

    4. Modern Cryptography Methods

      1. Single-Key (Symmetric) Encryption

      2. Modification of Symmetric Methods

    5. Public Key (Asymmetric) Encryption

    6. PGP

    7. Legitimate Versus Fraudulent Encryption Methods

    8. Digital Signatures

    9. Hashing

      1. MD5

      2. SHA

      3. RIPEMD

    10. MAC and HMAC

      1. Rainbow Tables

    11. Steganography

      1. Historical Steganography

      2. Steganography Methods and Tools

    12. Cryptanalysis

      1. Frequency Analysis

      2. Modern Cryptanalysis Methods

    13. Cryptography Used on the Internet

    14. Quantum Computing Cryptography

    15. Summary

  10. Chapter 9: Computer Security Technology

    1. Introduction

    2. Virus Scanners

      1. How Does a Virus Scanner Work?

      2. Virus-Scanning Techniques

      3. Commercial Antivirus Software

    3. Firewalls

      1. Benefits and Limitations of Firewalls

      2. Firewall Types and Components

      3. Firewall Configurations

      4. Types of Firewalls

      5. Commercial and Free Firewall Products

      6. Firewall Logs

    4. Antispyware

    5. IDSs

      1. IDS Categorization

      2. Identifying an Intrusion

      3. IDS Elements

      4. Snort

      5. Honey Pots

      6. Database Activity Monitoring

      7. SIEM

      8. Other Preemptive Techniques

      9. Authentication

    6. Digital Certificates

    7. SSL/TLS

    8. Virtual Private Networks

      1. Point-to-Point Tunneling Protocol

      2. Layer 2 Tunneling Protocol

      3. IPsec

    9. Wi-Fi Security

      1. Wired Equivalent Privacy

      2. Wi-Fi Protected Access

      3. WPA2

      4. WPA3

    10. Summary

  11. Chapter 10: Security Policies

    1. Introduction

    2. What Is a Policy?

    3. Important Standards

      1. ISO 17999

      2. NIST SP 800-53

      3. ISO 27001

      4. ISO 27002

      5. ISO 17799

    4. Defining User Policies

      1. Passwords

      2. Internet Use

      3. Email Usage

      4. Installing/Uninstalling Software

      5. Instant Messaging

      6. Desktop Configuration

      7. Bring Your Own Device

      8. Final Thoughts on User Policies

    5. Defining System Administration Policies

      1. New Employees

      2. Departing Employees

      3. Change Requests

    6. Security Breaches

      1. Virus Infection

      2. DoS Attacks

      3. Intrusion by a Hacker

    7. Defining Access Control

    8. Development Policies

    9. Standards, Guidelines, and Procedures

      1. Data Classification

      2. DoD Clearances

    10. Disaster Recovery

      1. Disaster Recovery Plan

      2. Business Continuity Plan

      3. Impact Analysis

      4. Disaster Recovery and Business Continuity Standards

      5. Fault Tolerance

    11. Zero Trust

    12. Important Laws

      1. HIPAA

      2. Sarbanes-Oxley

      3. Payment Card Industry Data Security Standards

    13. Summary

  12. Chapter 11: Network Scanning and Vulnerability Scanning

    1. Introduction

    2. Basics of Assessing a System

      1. Patch

      2. Ports

      3. Protect

      4. Policies

      5. Probe

      6. Physical

    3. Securing Computer Systems

      1. Securing an Individual Workstation

      2. Securing a Server

      3. Securing a Network

    4. Scanning Your Network

      1. NESSUS

      2. OWASP Zap

      3. Shodan

      4. Kali Linux

      5. Vega

      6. OpenVAS

    5. Testing and Scanning Standards

      1. NIST 800-115

      2. NSA-IAM

      3. PCI-DSS

      4. National Vulnerability Database

    6. Getting Professional Help

    7. Summary

  13. Chapter 12: Cyber Terrorism and Information Warfare

    1. Introduction

    2. Actual Cases of Cyber Terrorism

      1. China’s Advanced Persistent Threat

      2. India and Pakistan

      3. Russian Hackers

      4. Iran–Saudi Tension

    3. Weapons of Cyber Warfare

      1. Stuxnet

      2. Flame

      3. StopGeorgia.ru Malware

      4. FinFisher

      5. BlackEnergy

      6. Regin

      7. NSA ANT Catalog

    4. Economic Attacks

    5. Military Operations Attacks

    6. General Attacks

    7. Supervisory Control and Data Acquisitions (SCADA)

    8. Information Warfare

      1. Propaganda

      2. Information Control

      3. Disinformation

    9. Actual Cases of Cyber Terrorism

    10. Future Trends

      1. Machine Learning/Artificial Intelligence

      2. Positive Trends

      3. Negative Trends

    11. Defense Against Cyber Terrorism

    12. Terrorist Recruiting and Communication

    13. TOR and the Dark Web

    14. Summary

  14. Chapter 13: Cyber Detective

    1. Introduction

    2. General Searches

      1. Email Searches

    3. Company Searches

    4. Court Records and Criminal Checks

      1. Sex Offender Registries

      2. Civil Court Records

      3. Other Resources

    5. Usenet

    6. Google

    7. Maltego

    8. Summary

  15. Chapter 14: Introduction to Forensics

    1. Introduction

    2. General Guidelines

      1. Don’t Touch the Suspect Drive

      2. Imaging a Drive with Forensic Toolkit

      3. Can You Ever Conduct Forensics on a Live Machine?

      4. Document Trail

      5. Secure the Evidence

      6. Chain of Custody

      7. FBI Forensics Guidelines

      8. U.S. Secret Service Forensics Guidelines

      9. EU Evidence Gathering

      10. Scientific Working Group on Digital Evidence

      11. Locard’s Principle of Transference

      12. The Scientific Method

      13. Standards

      14. Forensics Reports

      15. Tools

    3. Finding Evidence on a PC

      1. Finding Evidence in a Browser

    4. Finding Evidence in System Logs

      1. Windows Logs

      2. Linux Logs

    5. Getting Back Deleted Files

    6. Operating System Utilities

      1. net sessions

      2. openfiles

      3. fc

      4. netstat

    7. The Windows Registry

      1. Specific Entries

    8. Mobile Forensics: Cell Phone Concepts

      1. Cell Phone State

      2. Cell Phone Components

      3. Cellular Networks

      4. iOS

      5. Android

      6. What You Should Look For

    9. The Need for Forensic Certification

    10. Expert Witnesses

      1. Federal Rule 702

      2. Daubert

    11. Additional Types of Forensics

      1. Network Forensics

      2. Virtual Forensics

    12. Summary

  16. Chapter 15: Cybersecurity Engineering

    1. Introduction

    2. Defining Cybersecurity Engineering

      1. Cybersecurity and Systems Engineering

      2. Applying Engineering to Cybersecurity

    3. Standards

      1. RMF

      2. ISO 27001

      3. ISO 27004

      4. NIST SP 800-63B

    4. SecML

      1. SecML Concepts

      2. Misuse-Case Diagram

      3. Security Sequence Diagram

      4. Data Interface Diagram

      5. Security Block Diagram

    5. Modeling

      1. STRIDE

      2. PASTA

      3. DREAD

    6. Summary

  17. Glossary

  18. Appendix A: Resources

  19. Appendix B: Answers to the Multiple Choice Questions

  20. Index
